Initial commit

This commit is contained in:
Claudio Maggioni 2017-05-22 16:16:25 +02:00
commit 95aa4f43f4
5 changed files with 163 additions and 0 deletions

25
dashboard.php Normal file
View file

@ -0,0 +1,25 @@
<?php
include 'globals.php';
if (!isset($_SESSION['cliente'])) {
header('Location: login.php');
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Negozio Virtuale</title>
</head>
<body>
<h1> Negozio online: Servizi </h1>
<h3> Benvenuto, <?php echo $_SESSION['cliente']; ?> !</h3>
<ol>
<li><a href=""> Gestisci il tuo profilo </a></li>
<li><a href=""> Segui i tuoi ordini </a></li>
<li><a href=""> Accedi al carrello </a></li>
<li><a href="logout.php"> Disconnetti </a></li>
</ol>
</body>
</html>

13
globals.php Normal file
View file

@ -0,0 +1,13 @@
<?php
define('DB_HOST', 'localhost');
define('DB_USER', 'root');
define('DB_PASS', 'password');
define('DB_NAME', 'negozio_online');
session_start();
//ignora sotto
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

52
login.php Normal file
View file

@ -0,0 +1,52 @@
<?php
include 'globals.php';
if (isset($_SESSION['cliente'])) {
header('Location: dashboard.php');
die();
}
if (isset($_POST['submit'])) {
$conn = @mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME) or die(mysqli_connect_error());
$usr=$_POST['name'];
$psw=$_POST['password'];
$query = "SELECT * FROM clienti WHERE Username='$usr' AND Password='$psw'";
$ris = @mysqli_query($conn, $query) or die("Errore!!");
if (@mysqli_num_rows($ris) == 1) {
$riga = mysqli_fetch_array($ris, MYSQLI_ASSOC);
if ($riga['Tok'] !== 'valido') {
$msg = 'Validazione mail non effettuata';
} else {
$_SESSION['cliente'] = $riga['Username'];
header('Location: dashboard.php');
die();
}
} else {
$msg = 'Accesso negato!';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="description" content="Negozio virtuale">
<meta name="keywords" content="php.server">
<title>Negozio Virtuale</title>
</head>
<body>
<h1>Login</h1>
<a href="./register.php">Registrati</a>
<?php if (isset($msg)) {
echo "<p>$msg</p>";
} ?>
<form action="login.php" method="post">
<input type="text" name="name" size="50" maxlength="50" placeholder="username" accesskey="U" tabindex="1"/><br/>
<input type="password" name="password" placeholder="password" size="50" maxlength="50" accesskey="U" tabindex="1"/><br/>
<input type="submit" class="submit" name="submit" value="Accedi" />
</form>
</body>
</html>

4
logout.php Normal file
View file

@ -0,0 +1,4 @@
<?php
session_start();
session_destroy();
header('Location: login.php');

69
register.php Normal file
View file

@ -0,0 +1,69 @@
<?php
include 'globals.php';
if (isset($_SESSION['cliente'])) {
header('Location: dashboard.php');
die();
} else {
$conn = @mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME) or die(mysqli_connect_error());
}
if (isset($_GET['tok']) && isset($_GET['user'])) {
$query = 'SELECT * FROM `clienti` WHERE Username=\''.$_GET['user'].'\' AND Tok=\''.$_GET['tok'].'\'';
$ris = @mysqli_query($conn, $query) or die('Errore');
if (mysqli_num_rows($ris) != 1) {
$msg = 'Validazione mail non valida';
} else {
$query = 'UPDATE `clienti` SET Tok=\'valido\' WHERE Username=\''.$_GET['user'].'\' AND Tok=\''.$_GET['tok'].'\'';
$ris = @mysqli_query($conn, $query) or die('Errore');
header('Location: login.php');
die();
}
}
if (isset($_POST['register'])) {
$usr=$_POST['name'];
$psw=$_POST['password'];
$email=$_POST['email'];
$query = "SELECT * FROM `clienti` WHERE Username='$usr' OR Email='$email'";
$ris = @mysqli_query($conn, $query) or die('Errore');
if (mysqli_num_rows($ris) > 0) {
$msg = 'Utente già registrato';
} else {
$tok = bin2hex(random_bytes(15));
$query = "INSERT INTO `clienti` (`Username`, `Password`, `Email`, `Tok`) VALUES ('$usr','$psw','$email','$tok')";
$ris = @mysqli_query($conn, $query) or die('Errore');
$message = "Benvenuto!\r\nPer registrarti, vai al link:\r\n\r\nhttp://"
.'phpinfo.localhost/sito/register.php?tok='.htmlspecialchars($tok)
.'&user='.htmlspecialchars($usr);
mail($email, 'Registrati', $message);
header('Location: login.php');
die();
}
} ?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="description" content="Negozio virtuale">
<meta name="keywords" content="php.server">
<title>Negozio Virtuale</title>
</head>
<body>
<h1>Registrati</h1>
<a href="./login.php">Login</a>
<?php if (isset($msg)) {
echo "<p>$msg</p>";
} ?>
<form action="register.php" method="post">
<input type="text" name="name" placeholder="username"/><br/>
<input type="password" name="password" placeholder="password"/><br/>
<input type="email" name="email" placeholder="indirizzo email"/><br/>
<input type="submit" class="submit" name="register" value="Registrati" />
</form>
</body>
</html>